
Letsencrypt bought name.com ssl certificate how to use

Discussion in 'Install & Upgrades or Pre-Install Questions' started by Altair, Oct 4, 2020.

  1. Altair

    Altair Member

    68
    3
    8
    Jan 27, 2018
    Ratings:
    +3
    Local Time:
    2:42 PM
    Hi,

    I created a new vhost using Centmin Mod menu option #2 and answered yes to "create self ssl certificate". I also registered a domain name on name.com and bought an SSL certificate too.

    The instructions on name.com say:
    Please set up your web hosting and have your CSR key on hand before activating your certificate.

    What guide do I follow to set this up?

    @eva2000
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,441
    10,312
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,994
    Local Time:
    10:42 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    You really don't need to buy SSL certificates as Centmin Mod natively supports Letsencrypt free SSL certificates when you set LETSENCRYPT_DETECT='y' in a persistent configuration file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 2 or 22 or nv command line.

    But if you want to use a paid SSL certificate see old instructions How to switch self-signed SSL certificate to paid SSL certificate ?.
    The steps at Nginx HTTP/2 & SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS outline how you generate a CSR file and private key, to pass the CSR file to the paid SSL certificate provider name.com.

    Or just cancel the name.com SSL cert and use free Letsencrypt SSL certificate which you can generate via acmetool.sh add reissue-only option for existing nginx HTTPS SSL vhosts with domain.com.ssl.conf vhost config files that exist. This only does reissue of letsencrypt SSL cert without touching the nginx vhost. Ideal for use when you tried creating a Nginx HTTPS SSL default vhost site but letsencrypt SSL issuance failed the first time. When it fails, Centmin Mod usually falls back to self-signed SSL as a placeholder for the domain.com.ssl.conf vhost config. When you run:
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only domain.com live
    

    It will only try reissuing the letsencrypt SSL certificate for the domain = domain.com for live production SSL certificate without touching any of the existing nginx vhost at domain.com.ssl.conf
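
For the paid-certificate route mentioned in the post above, an added example that is not part of the original post or of Centmin Mod's own tooling: it creates the private key and CSR with openssl, then checks that a certificate belongs to that key before it is installed. The domain example.test, the temporary directory and the self-signed certificate standing in for the CA's reply are assumptions.

```bash
# Added example, not from the thread. example.test and the temp dir are
# placeholders; the self-signed cert in demo() stands in for the CA's reply.

# make_csr <domain> <dir>: writes <dir>/<domain>.key and <dir>/<domain>.csr
make_csr() {
  # umask 077 keeps the private key readable by its owner only.
  ( umask 077 && openssl genrsa -out "$2/$1.key" 2048 2>/dev/null ) || return 1
  # Only the .csr is sent to the CA; the .key never leaves the server.
  openssl req -new -sha256 -key "$2/$1.key" -subj "/CN=$1" -out "$2/$1.csr"
}

# pubkey_fp key|csr|crt <file>: SHA-256 of the public key held in the file
pubkey_fp() {
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)   return 2 ;;
  esac
  # An unreadable file must fail here, not hash as empty input.
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{ print $NF }'
}

# cert_matches_key <crt> <key>: succeeds only if both hold the same public key
cert_matches_key() {
  crt_fp=$(pubkey_fp crt "$1") || return 1
  key_fp=$(pubkey_fp key "$2") || return 1
  [ "$crt_fp" = "$key_fp" ]
}

demo() {
  dir=$(mktemp -d) || return 1
  make_csr example.test "$dir" || return 1
  echo "CSR public key: $(pubkey_fp csr "$dir/example.test.csr")"
  # Constructed stand-in for the certificate the CA sends back.
  openssl x509 -req -in "$dir/example.test.csr" -signkey "$dir/example.test.key" \
    -days 1 -out "$dir/example.test.crt" 2>/dev/null
  if cert_matches_key "$dir/example.test.crt" "$dir/example.test.key"; then
    echo "certificate matches key: safe to reference both in the vhost"
  else
    echo "MISMATCH: do not install this certificate with this key"
  fi
  rm -rf "$dir"
}
demo
```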
     
  3. Altair

    Altair Member

    Thanks @eva2000, it worked. However, after trying to browse the website, the website needs about 4,5 minutes to load!!

    Why is it that slow? Before the SSL it would load fast, in seconds. The script I'm running is WordPress.

    Is this because the SSL is from name.com and it needs to validate some other server first for the SSL?

    In Cloudflare I have DNS only and I've chosen Full SSL mode when configuring Cloudflare.
     
    Last edited: Oct 5, 2020
  4. Altair

    Altair Member

  5. eva2000

    eva2000 Administrator Staff Member

    Hard to say, you'd need to page speed test your site to see what's up. On the front end there's Webpagetest (WebPerf - PageSpeed - How to use webpagetest.org for page load speed testing), and then check the backend (nginx, php-fpm and MariaDB MySQL) for issues.

    You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    


    For posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags :)
     
  6. Altair

    Altair Member

    Thanks eva for replying.

    Here is the result of the commands:

    Code:
    curl -I http://redacted.com
    HTTP/1.1 302 Moved Temporarily
    Date: Mon, 05 Oct 2020 15:57:26 GMT
    Content-Type: text/html
    Content-Length: 138
    Connection: keep-alive
    Location: https://redacted.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    
    Code:
    curl -I http://redacted.com
    HTTP/1.1 302 Moved Temporarily
    Date: Mon, 05 Oct 2020 15:57:48 GMT
    Content-Type: text/html
    Content-Length: 138
    Connection: keep-alive
    Location: https://redacted.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    
    Code:
    curl -I https://redacted.com
    HTTP/1.1 200 OK
    Date: Mon, 05 Oct 2020 15:58:00 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=13onvd8u8u0qinflf1kcmj8mpf; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Set-Cookie: site_currency=USD; expires=Fri, 29-Jan-2021 07:58:00 GMT; Max-Age=9993600; path=/
    Link: <https://redacted.com/wp-json/>; rel="https://api.w.org/"
    Link: <https://redacted.com/wp-json/wp/v2/pages/851>; rel="alternate"; type="application/json"
    Link: <https://redacted.com/>; rel=shortlink
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    
    Code:
    curl -I https://www.redacted.com
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 05 Oct 2020 15:58:19 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Set-Cookie: PHPSESSID=22caohiaae5mpdsp3ni5l5n3kn; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Set-Cookie: site_currency=USD; expires=Fri, 29-Jan-2021 07:58:19 GMT; Max-Age=9993600; path=/
    X-Redirect-By: WordPress
    Location: https://redacted.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    
     
  7. Altair

    Altair Member

    Dear @eva2000,

    I still have an issue with this: the badge in my browser is "not secure", and if I click on it I get (certificate valid) and the issuer is reported (the issuer of the certificate).

    Why do I have an insecure badge?
    Although when I access the admin dashboard of my WordPress site I get a secure badge.
     
  8. brijendrasial

    brijendrasial Active Member

    126
    94
    28
    Mar 21, 2018
    Ratings:
    +148
    Local Time:
    6:12 PM
    1.13.9
    10.0.22-MariaDB
    What is your website address?
     
  9. eva2000

    eva2000 Administrator Staff Member

    You might have a mixed content issue, so you need to adjust your web app and/or web site style itself; see What Is Mixed Content? - KeyCDN Support
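
A quick way to look for the mixed content described above from SSH, as an added example that is not part of the original posts: it lists the subresources a page loads over plain http:// and ignores ordinary links, which do not affect the browser badge. The function name, the sample HTML and the example.test names are constructed.

```bash
# Added example, not from the thread. Reads HTML on stdin and prints every
# subresource URL fetched over plain http://. Live use (domain is a placeholder):
#   curl -s https://domain.com/ | find_mixed_content
find_mixed_content() {
  # One tag per line: join lines, then break before each "<".
  tr '\n' ' ' | tr '<' '\n' | awk '
    BEGIN { q = "[\"\047]?" }   # optional double or single quote
    {
      low = tolower($0); attr = ""
      # Tags whose src= is fetched while the page renders.
      if (low ~ /^(img|script|iframe|source|audio|video|embed)[ \t]/)
        attr = "src"
      # <link> only loads something for these rel types.
      else if (low ~ /^link[ \t]/ && low ~ ("rel=" q "[a-z ]*(stylesheet|icon|preload)"))
        attr = "href"
      # Everything else, including <a href="http://...">, is navigation.
      if (attr == "") next
      if (match(low, "[ \t]" attr "=" q "http://[^\"\047 >]+")) {
        url = substr($0, RSTART, RLENGTH)   # same span, original case
        sub(/^[^=]*=/, "", url)             # drop the attribute name
        gsub("[\"\047]", "", url)           # drop the quotes
        print url
      }
    }'
}

# Constructed sample page: one insecure script, one insecure logo image.
SAMPLE_HTML=$(cat <<'EOF'
<html><head>
<link rel="stylesheet" href="https://example.test/style.css">
<link rel="shortlink" href="http://example.test/">
<script src='http://cdn.example.test/app.js'></script>
</head><body>
<a href="http://example.test/about">About</a>
<IMG class="logo" SRC="http://example.test/wp-content/uploads/logo.png">
<img src="https://example.test/banner.png">
</body></html>
EOF
)
printf '%s\n' "$SAMPLE_HTML" | find_mixed_content
```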
     
  10. Altair

    Altair Member

    Wow eva, you are the king of servers, the logo was being fetched using HTTP, changed it to HTTPS and the badge worked!

    Someone should invest or fund eva the founder of centminmod because of his great experience that is evident everywhere on this site.